<?php
require_once('lzu_op_fns.php');
do_html_header('修改密码');
if (isset($_POST['submit'])) {
    if (!(isset($_POST['sno']) && isset($_POST['old_passwd']) && isset($_POST['new_passwd']) && isset($_POST['new_passwd2']))) {
        echo "<script>alert('请填写完整的信息！');location.href='modify_form.php';</script>";
        exit;
    }
    $sno = $_POST['sno'];
    $old_password = $_POST['old_passwd'];
    $new_password = $_POST['new_passwd'];
    $new_password2 = $_POST['new_passwd2'];
    require_once('db_fns.php');
    $conn = db_connect();
    $sql = "select psw from user where sno='$sno'";
    $result = $conn->query($sql);
    if ($result->num_rows > 0) {
        $row = $result->fetch_array();
        $password_db = $row['psw'];
        if ($password_db != md5($old_password)) {
            echo "<script>alert('密码错误！');location.href='modify_form.php';</script>";
            exit;
        }
    } else {
        echo "<script>alert('学号不存在！');location.href='modify_form.php';</script>";
        exit;
    }
    if ($new_password != $new_password2) {
        echo "<script>alert('两次密码不一致！');location.href='modify_form.php';</script>";
        exit;
    }
    $sql = "update user set psw=md5('$new_password') where sno='$sno'";
    $result = $conn->query($sql);
    if ($result) {
        echo "<script>alert('密码修改成功！');location.href='login.php';</script>";
    } else {
        echo "<script>alert('密码修改失败！');location.href='modify_form.php';</script>";
    }
} else { ?>
    <form method="post">
        <table bgcolor="#FFFF99">
            <tr>
                <td>请输入校园卡号：</td>
                <td><input type="text" name="sno" maxlength="16" /></td>
            <tr>
                <td>请输入原密码：</td>
                <td><input type="password" name="old_passwd" maxlength="16" /></td>
            </tr>
            <tr>
                <td>请输入新密码：</td>
                <td><input type="password" name="new_passwd" minlength="6" maxlength="16" /></td>
            </tr>
            <tr>
                <td>请再次输入新密码：</td>
                <td><input type="password" name="new_passwd2" minlength="6" maxlength="16" /></td>
            </tr>
            <tr>
                <td colspan="2" align="center">
                    <input type="submit" name="submit" value="修改密码">
                </td>
            </tr>
        </table>
    </form>
    <a href="login.php">返回登录界面</a>
<?php
}
do_html_footer();
?>